Analysis
-
max time kernel
134s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 07:33
Static task
static1
Behavioral task
behavioral1
Sample
a4717092e9f121a0d62f61881cd0404d_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a4717092e9f121a0d62f61881cd0404d_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a4717092e9f121a0d62f61881cd0404d_JaffaCakes118.html
-
Size
2KB
-
MD5
a4717092e9f121a0d62f61881cd0404d
-
SHA1
553f1ed6f254654f5088680c2c52788b3e3b6079
-
SHA256
df28c585cead8522132546b49de775a942220777610dd8f5455d7ace454d2294
-
SHA512
782c1111fa3fb7d3b1eb6e8787e6a3169170fa459cbc9d5dc1a3f8218ac0890bb447052b732ee7f614317288bb338c629328ed3cba3ec1eb58586656c68543d7
Malware Config
Signatures
-
Modifies Internet Explorer settings
All entries below are written by the browser processes themselves under the analysis user's own HKCU Internet Explorer hive.
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2FDACA01-2957-11EF-8A46-EA263619F6CB} = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004253e2e83ef11640be8a9950260a87b900000000020000000000106600000001000020000000519b79df542e97dc2b843cdee61f6c57d0d0fa66a9d277e8c33014df0f5beb65000000000e8000000002000020000000cacaf8f336a763e7ee857466762395514ffc24803d635a15cf456066d0028f0820000000b8cca36ba58a2826d9f3550477668cd7b51796e95b9b7da8369a835a607f3f0840000000557ab83fd57d971d00eb3e79829bd712cee04390f7a6c33e64c10f0e3d6d4210a1f63ff1e612ef468b3b6169dee5fd14a2653d40146c7fb68478d9209eaa528a iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425859" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b89c0464bdda01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2836 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2836 iexplore.exe
2836 iexplore.exe
3056 IEXPLORE.EXE
3056 IEXPLORE.EXE
3056 IEXPLORE.EXE
3056 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2836 wrote to memory of 3056 2836 iexplore.exe 28
PID 2836 wrote to memory of 3056 2836 iexplore.exe 28
PID 2836 wrote to memory of 3056 2836 iexplore.exe 28
PID 2836 wrote to memory of 3056 2836 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4717092e9f121a0d62f61881cd0404d_JaffaCakes118.html 1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2 2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3056
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 530f7f6ec0e4bd33ad05753df96f2cce
SHA1 a8ac2e3a8e393726cbfe37a6bbe0a09f6e1885a2
SHA256 849eff0c67c11cb3f0fb18b9e1743cf701e84633008f85f6d10f451e0fe89102
SHA512 97956fd6972a5a257d6a2a40c1ad43c7c6428f50fd0eadd0f97a0fc09921ab1c251132e6b883f08d85e1c74923226b9d68c42612e85d6a1d7c5c33c966d9803f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4969f1a1408d3de3493bb24088612e32
SHA1 255289282f8e6e7b132ec51c3d0548864e462fbc
SHA256 48711c56e62e92a94f27864f2809d05dbbc6c6a063c144556b1189da44c879a0
SHA512 c8de9e75e6dd54eab33da913c5bd96dec0f9e42b79aae5d289bdb840d2b823fb0650a7307a6650099c1da153a18a81d340a0ef41f5c135a8059d816e1fe2c192
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cdb092ab66d175417c425ca8ddbf8200
SHA1 1e0ed5d76839aa6c1894238bc5bc97506ec5fee4
SHA256 fc7330741e860a0f884e5c8fd1e22300e7c359ef7d1bc549c0333c4848c9b5c0
SHA512 82532aebd4c02f68f3533d4082bcbb3e37af58191ae924581889ea2423d3f4adda3cc643116e95545316ad67161a824ddd4f9d2587467d4f06c6334ec03dec97
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c9309727a38699ef47596ad1a4b23b08
SHA1 0afae51bc3d2a976a106ecf748ef8a3928c9d93d
SHA256 56f3988858a100b3fd20090edcff806a9f6dc06f84abacd9ab3302dc79c52a04
SHA512 02f8b3247fa19d0dee4245e9a0e7b8d6ed0285b039f125b02c7754b16783107e9e99a0cf048df065beca488fba1b1817c1d84ff13e84ac927f3d7fd1caa673e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5d66afdabd79550dc4467e2449fbd79d
SHA1 f35580d7d99fdb320079de54917f86c587316564
SHA256 9899b8624127cbdc2f0af58707be3615968abff265ef09fb52cb18a3dce063bc
SHA512 ca4132d74e246f5c67df12c857be52f91b4bc3031c447b6eaab62d699cc071f2f8125697cdf7f86a364823048c57aa46791cc39753eb28bdca0c93ad04e1f9a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f4e5e0d7b1ab89399a0aadcccc9a1faf
SHA1 6d598e9cb6868558f412e5965365a357c4266335
SHA256 2481032517ee33ea700fa65100111e3003d744048c613f04305e343df8f49249
SHA512 d483626d0daf48fdacbb7bdf7bfffa1b720dbfe3448b050d308ec1932704886804fc60702f977c3881ce2da34223d1a00a01af80e6d7edab51710f624a806c75
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 70cde30428dca28f56b2a19e9043b8f4
SHA1 d7a5412877146ec0037e24de82c2065c291a8f68
SHA256 d3a51c98c32ba967e08caf774caa85c557f4be5b528e7b7388d69ff53a4fd897
SHA512 7239c8a435c48159efb95650fbedcef944e8c3f87b2e8857e437aecafeca6180ca5325febc14a9bc486b4776a5866c2c00ecdfd9fdeb01e35ec973b9f391a137
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3c68ffa20ad68add1bb8706f2213e26b
SHA1 edfedb3ce4f0333e01a468c92aef04e7d6bbbcdf
SHA256 eff34a4f32a17398ce612bd490fa9242f1606893679275fbad7aee6a039b616b
SHA512 87f0f05b6107211a673b1677f08da6f67391d4381c8772bfd7d6b4ce29821ea44469cb6f8a2a3e617a2ea812dcb501e873e45de56cc8b7008655a508ff33186f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bc5a837bf838ab088d8198ba5da77da3
SHA1 f17a18c0d406ff0efe1de0d7cf9db1642852c180
SHA256 3892d5581836aad6b34972f564c268bb9a108782134ccf09843140320828d5a0
SHA512 e94fe16dff0949ddd33d543ec58fff2d3a18af7804ddda73939192f40eda6c455df3c49fd47ba11b6ecfe3c2416ac8904e6deae3171b77db6ed4df6237985dd8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d769b811ad9f4b5437e598f5da71a2f9
SHA1 8c694fc2f99bd558f66123cf4acf020df6f0f065
SHA256 f2378f26335748022663d2715a9e1c7f68e4645496621d20175aa5a639b54c66
SHA512 431e765404d19fc9162088bf5905f42f856d3f0de2def77c3ea1d3bacb2acdbae31aade78150a0a644cf7ec3771816462bfff4531e8456a6e016b3c26b86877f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ccfedf87599a51192bdd491f3f5fb281
SHA1 b5f74031132432e7b25e135da775ada00a38105d
SHA256 1a11a5ca135ed732c8c469775fff75687242101879f78cdc0d79a2d375b95b5c
SHA512 72629c10e83af263242ee527424fc10eaef6eae5327ba05261b3507ee9a8be63895ddb01795d3d1aa76d0f6a7e625283138da8c97221ca79ce8b103632f74b21
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 330932743821b205ba09399d6a91eeaf
SHA1 e2f1129b94fff941e544bbc0d5f5269b8ba49742
SHA256 793195e5fb497a78179eec6b04444892db4a99e4cef4555164e0cfcbde68c778
SHA512 3cbee631858dcbfc527e2e63bdee896b4dee5ca1c6c1f47f1b4404118ab6ab16f25859fdd84c4bcad26caadb5cfd1b3abf57b8d07a18cfd07f898a0f5c8eb451
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d6b100f91b61f35dc57cb41e431637e3
SHA1 1cf14e5f4fbafb949ffeac21069cd28f0738a0fa
SHA256 02a8161a60c7c3294f29636bd183ad1c8709f68e7cf7f6797b1928f8b9f14693
SHA512 43bb108320fd0438badf38acb4346ba0cb5ceb0980fe88761c811ecc6d732e9788ceb58f4d75069dff37699d589f4523cc9a42c6bdd2a186f662e7231b5607c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 65313e1af184b58291a3a8abddecac94
SHA1 b19f9d7bfee1f49f2fd6ebf5f8dffff5fb176a03
SHA256 3a874c0ecf2eb41c2893228a250b2280efe62dc5016a0f5e83eb74a92f0e8903
SHA512 6c8623666aaa7e3ddca67ace4bbc80086f8d9535ff5b1ee8fc894e62415918c2c22b8354d98a624056da2c9017b03b7c212036d526a38e5bf9378044593bf069
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 76edf18afd718cafd3504d6290c3ff81
SHA1 2e849c3bd055d69549210024f06996c927ba95b9
SHA256 374164332d0a2d8ec94d17d2347f15739b3faded4e9b5ae89b64f4589a6a520c
SHA512 e8c9298335bc21479ec75f41c0df2ec497ef2dcc529098e02460b8381e95d0835b10801ae1c200f0763519345fa8dacb514552a0c07bd1e0883b387d6e8378d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c9c886612c40d20f09bfd46cbd06bf80
SHA1 b8449e030f8c519ba229e6794d65235d505c063d
SHA256 af7e1ac9ce397730bed6fc00cc7e7ec8fbf721203907e9fb946355615fddb5b0
SHA512 4808d1b66f2d19742d6e6a5c312d600334d3409da64e931c8f0e67a4e872d8a396014dc0962cf7b1557b01c064d09a2c3adfa08e33d226d1be67a61d5a1d0716
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d1e6cdd91c610144bfbd2746f58d4338
SHA1 5616741b44b207d10ad99805f6aa32fc8f087271
SHA256 e3e6154aaeac8e65d516e4c046a1bbc0b6d1237b75a36270efaf7a2761d2fd84
SHA512 16d15853847b82c06aaff1585ae29c34bfc6308196f2dec7983588f5fd90c7c882ddb2dca752d66d6c996c6f8b00ad30dcfe909bab6c05257b84e0c7eb09b194
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bd55c3e050d71c1df22882e1ecb972ad
SHA1 68f6079aa7be33d8d1c9cdc4bf67cc4cc0d69782
SHA256 d8f60180a0799f072a17dbf2e5fb4915482bc39061e0e8d0da36803d1ffe8241
SHA512 57c7de96542efb91579f683d748f6edd2f53c22262890d5f28d7516036cbfec62faf5a4db053b3c9eba182fb2005aa84bd9ec17eaa4a3f678f6aef990e3fad04
-
Filesize
65KB
MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b